CVE-2022-33747 Memory consumption for page tables is bounded by 2nd-level page tables.

This can be exploited to cause a denial-of-service attack against the host kernel, as the global memory pool is shared between all virtual machines. An affected host in such a situation would remain unusable until new memory allocations could be made. This issue is not specific to Ubuntu/Linux hosts, but may affect any hypervisor that uses large pages to map guest data, including Microsoft Windows hosts. This issue has been verified against the following hypervisors: VMware Workstation, VMware Player, VMware Fusion, and Citrix XenServer. ARM: insufficient synchronization of large pages Certain actions (e.g. remapping guest pages in the 2nd-stage page tables) may require some time to complete (up to several seconds). If a malicious guest were to issue a privileged instruction during this time, it might be possible for the instruction to be executed out of order, potentially leading to an arbitrary code execution exploit. ARM: insufficient synchronization of large pages Certain actions (e.g. remapping guest pages in the 2nd-stage page tables) may require some time to complete (up to several seconds). If a malicious guest were to issue a privileged instruction during this time, it might be possible for the instruction to be executed out of order, potentially leading to an arbitrary code execution exploit. ARM: insufficient synchronization of large pages Certain actions (e.g

References

(1) https://www.ibm.com/developerworks/docs/library/l-CVE-2022-33747

An article about how a vulnerability in the Linux kernel could cause a denial of service. The vulnerability is regarding pages that had not been properly synchronized with each other, leading to potential execution of code in an out-of-order fashion and arbitrary code execution exploit.

Exploitation of the ARM: insufficient synchronization of large pages vulnerability

This vulnerability has been exploited in the wild, on systems using ARM Cortex-R4 processors. The vulnerability is used to execute code in the second stage page tables of a guest virtual machine on the host.

Vendor Information

The vendor provides a patch to mitigate this issue on the following platforms:

"The vendor provides a patch to mitigate this issue on the following platforms:"

This can be exploited to cause a denial-of-service attack against the host kernel, as the global memory pool is shared between all virtual machines. An affected host in such a situation would remain unusable until new memory allocations could be made. This issue is not specific to Ubuntu/Linux hosts, but may affect any hypervisor that uses large pages to map guest data, including Microsoft Windows hosts. This issue has been verified against the following hypervisors: VMware Workstation, VMware Player, VMware Fusion, and Citrix XenServer.

References a list of references

- https://github.com/kvm-emu/libvirt/issues/1#issuecomment-33176473
- https://lkml.org/lkml/2016/7/31/163
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1432746
- http://www.securityfocus.com/bid/75534

Timeline

Published on: 10/11/2022 13:15:00 UTC
Last modified on: 10/14/2022 16:09:00 UTC

References

• https://xenbits.xenproject.org/xsa/advisory-409.txt
• http://xenbits.xen.org/xsa/advisory-409.html
• http://www.openwall.com/lists/oss-security/2022/10/11/5
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33747